News

IOActive researcher will demonstrate at Black Hat USA how satellite equipment can be ‘weaponized’

It’s been four years since researcher Ruben Santamarta rocked the security world with his chilling discovery of major vulnerabilitiesin satellite equipment that could be abused to hijack and disrupt communications links to airplanes, ships, military operations, and industrial facilities.

Santamarta has now proven out those findings and taken his research to the level of terrifying, by successfully hacking into in-flight airplane WiFi networks and satcom equipment from the ground. “As far as I know I will be the first researcher that will demonstrate that it’s possible to hack into communications devices on an in-flight aircraft … from the ground,” he says.

He accessed on-board WiFi networks including passengers’ Internet activity, and also was able to reach the planes’ satcom equipment, he says, all of which in his previous research he had concluded – but not proven – was possible. And there’s more: “In this new research, we also managed to get access to important communications devices in the aircraft,” Santamarta, principal security consultant with IO/Active, says.

Internet of Things Thames Valley Meetup highlights for 2017 include: our 3rd Anniversary in May; a growth in membership to 1,300 people and excellent presentations from startups to large enterprises right across the IoT ecosystem including:

“The controller security has improved some, but we’ve found large numbers installed on the public internet, unprotected, with complete authentication bypass in some cases!

We found them in military bases, schools, government buildings, businesses and large retailers among many. Ripe for compromise of these organisations.

We also found some that had already been compromised to a point by malware. Further compromise would be trivial.”

“It’s about lax installers NOT vendors

Most of these issues have been caused by HVAC & BMS installers, rather than the vendor. The installers have exposed their clients through not following manufacturer security guidelines. The manufacturer could still make improvements though.”

The IoT Security Foundation are holding their 3rd Annual IoT Security Conference on 5th December at the prestigious IET Savoy Place, London. This year’s theme is Knowing It’s Safe To Connect which will deliver a range of business strategic and technical talks that demonstrate what good security looks like from planning to execution. The Conference also features making the business case for the right kind of security, technical sessions for securing the IoT ecosystem, research sessions on the future of IoT security and has a post-conference drinks reception for additional networking.

Why attend? Learn from the best, connect with the IoT security community and enhance business opportunities through extensive networking.